Add payload signature requirement to content-publisher #1032
Description
Currently, content-publishing-api accepts any valid payload for posting/announcement content to the chain. The only "authorization" done is to verify that, if the payload is on behalf of a single MSA, that MSA is validated to have an active delegation for the indicated Intent to the Gateway provider MSA. However, there is no validation done that the incoming request was actually originated by the owner of the MSA.
The assumption had been that Gateway would be an internal service serving a Provider's backend application, and so relied on network security. This is a flawed (or at least insufficient) security model.
A better model would be to have payloads signed & signatures checked by Gateway before accepting them. Payloads could potentially be signed by:
- The originating MSA
- The Gateway Provider account
- A Provider account with an active delegation from the indicated MSA
- A "whitelisted" Provider account
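The signer classes listed above, as an added example that is not code from the content-publisher repository: Gateway first checks that the signature is valid over the received payload bytes, then checks that the verified signer is one of the four accepted principals. The Ed25519 key type, the JSON payload encoding, and the `AuthState` shape standing in for chain lookups are assumptions.

```typescript
import { generateKeyPairSync, sign, verify, KeyObject } from "node:crypto";
type Payload = { msaId: number; intent: string; content: string };
type SignedRequest = { payload: Payload; signerKey: KeyObject; signature: Buffer };
interface AuthState { // constructed stand-in for the on-chain state Gateway would consult (hypothetical shape)
  msaKeys: Map<number, KeyObject>;        // MSA id -> that MSA's control key
  gatewayProviderKey: KeyObject;          // the Gateway operator's own provider key
  providerKeys: Map<number, KeyObject>;   // provider MSA id -> provider key
  delegations: Map<number, Set<number>>;  // MSA id -> providers holding an active delegation
  whitelistedProviders: Set<number>;      // provider MSA ids trusted outright
}
// Deterministic byte encoding so signer and verifier operate on identical bytes.
const canonical = (p: Payload): Buffer => Buffer.from(JSON.stringify([p.msaId, p.intent, p.content]));
type KeyPair = { privateKey: KeyObject; publicKey: KeyObject };
export function signPayload(p: Payload, k: KeyPair): SignedRequest {
  return { payload: p, signerKey: k.publicKey, signature: sign(null, canonical(p), k.privateKey) };
}
export function authorize(req: SignedRequest, st: AuthState): string | null {
  // Step 1: the signature must be valid over the payload bytes actually received.
  if (!verify(null, canonical(req.payload), req.signerKey, req.signature)) return null;
  const k = req.signerKey, msa = req.payload.msaId;
  // Step 2: the verified signer must be one of the principals the proposal lists.
  if (st.msaKeys.get(msa)?.equals(k)) return "originating-msa";
  if (st.gatewayProviderKey.equals(k)) return "gateway-provider";
  for (const [pid, pk] of st.providerKeys) {
    if (!pk.equals(k)) continue;
    if (st.delegations.get(msa)?.has(pid)) return "delegated-provider";
    if (st.whitelistedProviders.has(pid)) return "whitelisted-provider";
  }
  return null; // a valid signature from an unrecognised principal is still rejected
}
// Constructed scenario: MSA 7 delegates to provider 100; 200 is whitelisted; 300 is neither.
export function demo(): Record<string, string | null> {
  const kp = () => generateKeyPairSync("ed25519"), msa7 = kp(), gw = kp(), p100 = kp(), p200 = kp(), p300 = kp();
  const st: AuthState = {
    msaKeys: new Map([[7, msa7.publicKey]]), gatewayProviderKey: gw.publicKey,
    providerKeys: new Map([[100, p100.publicKey], [200, p200.publicKey], [300, p300.publicKey]]),
    delegations: new Map([[7, new Set([100])]]), whitelistedProviders: new Set([200]),
  };
  const payload: Payload = { msaId: 7, intent: "constructed.intent", content: "hello" };
  // A request whose payload was modified after signing must fail step 1.
  const tampered: SignedRequest = { ...signPayload(payload, msa7), payload: { ...payload, content: "changed" } };
  return {
    msa: authorize(signPayload(payload, msa7), st),
    gateway: authorize(signPayload(payload, gw), st),
    delegated: authorize(signPayload(payload, p100), st),
    whitelisted: authorize(signPayload(payload, p200), st),
    stranger: authorize(signPayload(payload, p300), st),
    tampered: authorize(tampered, st),
  };
}
```

Note that a valid signature alone is not sufficient: the signer must also map to an MSA or provider the chain state actually authorizes for that payload's MSA.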